HackRead

The First Ransomware to Exploit Telegram Cracked and Decryptor Published

November 24th, 2016 | David Balaban | Malware, Cyber Crime, Security
Security researcher Nathan Scott has broken the encryption model employed by the Telecrypt ransomware.

What made this virus stand out was its client-server connection method. Its creators decided to use the Telegram protocol, as opposed to HTTPS or HTTP, which the majority of ransomware uses nowadays.

Because it depends on Telegram, Telecrypt requires an Internet connection before it can begin its harmful actions. Telecrypt is written in Delphi, and the binary is 3 MB in size. Its activity starts when the victim launches the binary.

Before Telecrypt can encrypt any data, its operators have to set up a Telegram bot. The Telegram API issues a token ID for each bot.

Once a victim runs the ransomware binary, Telecrypt's first move is to ping the API at api.telegram.org/bot/getme using the hard-coded bot token the operators obtained.

After that, Telecrypt uses Telegram's protocol to send a message to a Telegram channel whose ID is also hard-coded in the virus.
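The startup sequence described above gives defenders something to hunt for in web-proxy logs: a non-messenger process calling the Bot API. The following is an added example, not code from the article or from the decryptor's author; the log format, process names, tokens and allowlist are constructed, and `sendMessage` is assumed as the Bot API method behind the channel message.

```python
import re
from collections import defaultdict

# Constructed sample proxy log (not real traffic): "<client_ip> <process> <VERB> <target>"
SAMPLE_LOG = """\
10.0.0.15 chrome.exe GET https://web.telegram.org/k/
10.0.0.23 invoice_scan.exe GET https://api.telegram.org/bot123456789:AAExampleExampleExampleExampleExamp/getMe
10.0.0.23 invoice_scan.exe GET https://api.telegram.org/bot123456789:AAExampleExampleExampleExampleExamp/sendMessage?chat_id=-1000000000001&text=x
10.0.0.31 backup-agent.exe POST https://api.telegram.org/bot987654321:AAConstructedConstructedConstructed0/sendMessage
10.0.0.40 updater.exe CONNECT api.telegram.org:443
"""

# Bot API URL layout: https://api.telegram.org/bot<token>/<method>
BOT_URL = re.compile(r"https?://api\.telegram\.org/bot(?P<token>[^/\s]+)/(?P<method>\w+)", re.I)
# Without TLS inspection the proxy only sees the tunnel destination
TUNNEL = re.compile(r"^api\.telegram\.org(:\d+)?$", re.I)

# Hypothetical allowlist of processes expected to use the Bot API here
ALLOWED_PROCESSES = {"backup-agent.exe"}

def redact(token):
    """Keep only the numeric bot ID; never copy the secret half into alerts."""
    return token.split(":", 1)[0] + ":<redacted>"

def find_bot_api_clients(log_text, allowed=ALLOWED_PROCESSES):
    """Group Bot API activity by (client_ip, process), skipping allowlisted processes."""
    findings = defaultdict(lambda: {"methods": [], "bots": set()})
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue  # malformed line
        ip, proc, _verb, target = parts
        if proc.lower() in allowed:
            continue
        m = BOT_URL.match(target)
        if m:
            entry = findings[(ip, proc)]
            entry["methods"].append(m.group("method").lower())
            entry["bots"].add(redact(m.group("token")))
        elif TUNNEL.match(target):
            findings[(ip, proc)]["methods"].append("tunnel-only")
    return dict(findings)

def is_checkin_pattern(entry):
    """True when getMe is followed by sendMessage: the token check, then the channel message."""
    m = entry["methods"]
    return "getme" in m and "sendmessage" in m[m.index("getme"):]

if __name__ == "__main__":
    for key, entry in find_bot_api_clients(SAMPLE_LOG).items():
        print(key, entry["methods"], sorted(entry["bots"]), is_checkin_pattern(entry))
```

A `tunnel-only` hit means the proxy saw the destination host but not the request path, so it is a weaker signal that needs endpoint context to confirm.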

[Image: ransom note]

All of this makes Telecrypt unique, although its reach is limited because it targets only a Russian-speaking audience. The ransom note also exists only in Russian.

You can find the Telecrypt virus decryptor here. The decryptor package contains two files, and the instructions are in the text file. The decryptor's user interface is straightforward and self-explanatory, but it is still better to read the instructions beforehand.

[Image: decryptor]

The decryptor requires admin rights to run. In Windows 10, for example, you just have to right-click the file and select "Run as Administrator." In some older Windows versions, you should right-click the file, go to Properties, choose the Compatibility tab, and finally tick "Run This Program As An Administrator."

For the decryptor to work, users need to have both an encrypted and an unencrypted version of the same file. This requirement is essential for identifying the encryption key.

Unencrypted copies of files can often be found in an email inbox or sent folder, on cloud syncing drives like Dropbox, or inside old backups.

After the decryptor discovers the encryption key, it offers victims the choice of decrypting either a list of files or the files in a specific folder. You can find the list of all your encrypted files in "%USERPROFILE%/Desktop/База зашифр файлов.txt".

Although individual ransomware decryption initiatives continue, many malware analysts are joining the NoMoreRansom project, which unites virus researchers' efforts to break the encryption of numerous types of ransomware.

David Balaban

David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
